There are plenty of articles on the Internet about what we are going to see today, but not the way I'm going to show it to you ;) But first, why would you need to encrypt your application's source code? Maybe to keep it from being reversed?! You may or may not already know about it, so let me give you a little idea of what Software Reverse Engineering is: put simply, it is opening a program inside a tool called a debugger (such as OllyDebugger, SoftICE, Immunity Debugger...) to make its features fully working after they have been restricted to the ones who buy it; it can also be done for competitive purposes, etc...

So let's assume you have made an application and you want to protect some sensitive area of your code (the license key verification routine, for example) from being reversed. Then you'll have to use an extension (for example a compressor, protector, cryptor, etc...) which wraps the original code in extra protected/encrypted code that jumps to the original code in a secure way. But that will only delay RE, because everything is crackable :) It can also be used to keep antivirus engines from identifying malicious behaviours. So today we are going to concentrate on the code encryption part only, because there are numerous Anti-RE methods and we just don't want to get lost :)

As the title says, what we are going to see today is called "Self Decryption Code". So what is this? It means the software decrypts a part of itself at runtime, which requires a decrypter stub inside the software plus the encrypted code. There are many encryption methods such as XOR, RC4, Blowfish, TEA, etc...; some are static (with a fixed decryption key) and some are dynamic (the key changes every time), and there are many other methods.

But today we are going to see the static decryption method, which is honestly easy to reverse, though how hard it is depends on how you build it. And we want to protect that little part where the calculation and verification happens! Let's see how to do that. We will try to encrypt the following code using XOR encryption with a key.

As you might already know, every instruction starts with a number called an opcode, which determines the nature of that instruction; for example, in the x86 family 0x6A corresponds to the PUSH instruction, and so on :) So what we are going to do is encrypt each opcode with the key we've chosen:

In the above code we read a typed integer, put it in edx and then jump to the decryption routine, which decrypts the encrypted bytes in place over those 15 NOPs (there are 15 because we encrypted 15 bytes). If everything goes well you will get either a Wrong or a Correct message.
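To make the two steps concrete, here is an added Python model of the scheme described above (it is not the article's own code and does not execute anything): a build-time XOR pass over a constructed 15-byte stand-in for the sensitive routine, a stub that decrypts those bytes in place over a NOP-filled placeholder, and, going one step beyond the article, the reason a static key is easy to reverse: because the routine starts with a known opcode (0x6A, PUSH, as noted above), a single XOR of the first encrypted byte against it yields the key. The key value 0x5A and every byte after the first opcode are constructed sample values, not real program bytes.

```python
"""Added example: static single-byte XOR "self-decryption" modelled in Python.
All bytes below are constructed sample data; nothing is executed as code."""

KEY = 0x5A  # constructed static key (assumption, not from the article)
NOP = 0x90  # x86 NOP opcode used to fill the placeholder region

# Constructed 15-byte stand-in for the "sensitive" routine. Only the first
# opcode is meaningful: 0x6A is PUSH imm8 on x86, as the article notes; the
# remaining bytes are arbitrary sample values, not a real routine.
PLAINTEXT = bytes([0x6A, 0x01, 0x58, 0x3B, 0xC2, 0x75, 0x05, 0xB8,
                   0x01, 0x00, 0x00, 0x00, 0xC3, 0x33, 0xC0])


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte with a one-byte key. XOR is its own inverse, so the
    same function both encrypts (at build time) and decrypts (at run time)."""
    if not 0 <= key <= 0xFF:
        raise ValueError("key must be a single byte")
    return bytes(b ^ key for b in data)


def build_placeholder(length: int) -> bytearray:
    """The region the stub overwrites at runtime: one NOP per encrypted byte."""
    return bytearray([NOP] * length)


def decrypter_stub(placeholder: bytearray, encrypted: bytes, key: int) -> bytearray:
    """Models the runtime stub: decrypt in place over the NOP padding.
    The placeholder must be exactly as long as the encrypted region, otherwise
    the decrypted bytes would spill into (or fall short of) the real code."""
    if len(placeholder) != len(encrypted):
        raise ValueError("placeholder and encrypted region differ in length")
    placeholder[:] = xor_bytes(encrypted, key)
    return placeholder


def recover_static_key(encrypted: bytes, known_first_opcode: int = 0x6A) -> int:
    """Why a static XOR key is weak: one known plaintext byte (here the PUSH
    opcode 0x6A the routine starts with) gives the key with a single XOR."""
    return encrypted[0] ^ known_first_opcode


def recover_plaintext(encrypted: bytes, known_first_opcode: int = 0x6A) -> bytes:
    """Once the key is known, the whole region decrypts without the stub."""
    return xor_bytes(encrypted, recover_static_key(encrypted, known_first_opcode))


if __name__ == "__main__":
    enc = xor_bytes(PLAINTEXT, KEY)                       # build time
    region = decrypter_stub(build_placeholder(len(enc)), enc, KEY)  # run time
    assert bytes(region) == PLAINTEXT
    print("encrypted bytes :", enc.hex())
    print("decrypted region:", bytes(region).hex())
    print("key from known PUSH opcode:", hex(recover_static_key(enc)))
```

The length check in `decrypter_stub` is the part worth keeping in mind when doing this for real: the NOP placeholder and the encrypted block must match byte for byte, which is exactly why the article's stub needs 15 NOPs for 15 encrypted bytes.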

As a conclusion, I must say that the example given above is the easiest thing a reverser could encounter, but there are many ways of making your decryption code much harder and more complicated. Remember, though, that nothing is impossible, especially in this domain ;) Hopefully I'll cover more of this in future posts.

Hope this was a useful article. Now I'll leave you to your imagination.